Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Publish nativelink-worker image for C++ #794

Merged
merged 1 commit into from
Mar 27, 2024
Merged

Publish nativelink-worker image for C++ #794

merged 1 commit into from
Mar 27, 2024

Conversation

aaronmondal
Copy link
Member

@aaronmondal aaronmondal commented Mar 26, 2024
edited by allada
Loading

This should make it easier to spin up test instances for C++ projects. The nativelink worker image may now be fetched from:

ghcr.io/tracemachina/nativelink-worker-lre-cc:<sometag>

Since the toolchain images are somewhat more complex than the minimal nativelink image, we now use trivy to scan images for vulnerabilities. The database for these scans is fetched dynamically. This breaks perfect reproducibility for the image publishing workflow when rolling back/reverting, but ensures that new commits aren't checked against outdated vulnerability databases.

This change is Reviewable

aaronmondal
aaronmondal commented Mar 26, 2024
View reviewed changes
Copy link
Member Author

@aaronmondal aaronmondal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+@adam-singer +@zbirenbaum +@blakehatch +@MarcusSorealheis @kubevalet

+@allada After this change the image needs to be set to "public" in the Package Settings for (not yet existing): https://github.com/TraceMachina/nativelink/pkgs/container/nativelink-worker-lre-cc

Reviewable status: 0 of 5 LGTMs obtained, and pending CI: Analyze (javascript-typescript), Analyze (python), Bazel Dev / ubuntu-22.04, Cargo Dev / macos-13, Cargo Dev / ubuntu-22.04, Local / ubuntu-22.04, Publish image, Publish nativelink-worker-lre-cc, Remote / large-ubuntu-22.04, asan / ubuntu-22.04, docker-compose-compiles-nativelink (20.04), docker-compose-compiles-nativelink (22.04), integration-tests (20.04), integration-tests (22.04), macos-13, pre-commit-checks, ubuntu-20.04 / stable, ubuntu-22.04, ubuntu-22.04 / stable, vale, windows-2022 / stable, zig-cc ubuntu-20.04, zig-cc ubuntu-22.04 (waiting on @adam-singer, @allada, @blakehatch, @MarcusSorealheis, and @zbirenbaum)

@aaronmondal aaronmondal force-pushed the publish-cc-worker branch 2 times, most recently from 30f2b1c to 5fcb651 Compare March 26, 2024 00:34
adam-singer
adam-singer approved these changes Mar 26, 2024
View reviewed changes
Copy link
Member

@adam-singer adam-singer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

Reviewed 6 of 6 files at r1, all commit messages.
Reviewable status: 1 of 5 LGTMs obtained (waiting on @allada, @blakehatch, @MarcusSorealheis, and @zbirenbaum)

@allada allada force-pushed the main branch 2 times, most recently from a2a06c2 to 09defc6 Compare March 26, 2024 18:19
zbirenbaum
zbirenbaum reviewed Mar 26, 2024
View reviewed changes
Copy link
Member

@zbirenbaum zbirenbaum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

Reviewable status: 2 of 5 LGTMs obtained (waiting on @allada, @blakehatch, and @MarcusSorealheis)

aaronmondal
aaronmondal commented Mar 26, 2024
View reviewed changes
Copy link
Member Author

@aaronmondal aaronmondal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

-@allada -@blakehatch -@MarcusSorealheis

Reviewable status: :shipit: complete! 2 of 2 LGTMs obtained

@aaronmondal
Publish nativelink-worker image for C++
55677a9 
This should make it easier to spin up test instances for C++ projects.
The nativelink worker image may now be fetched from:

```
ghcr.io/tracemachina/nativelink-worker-lre-cc:<sometag>
```

Since the toolchain images are somewhat more complex than the minimal
`nativelink` image, we now use trivy to scan images for vulnerabilities.
The database for these scans is fetched dynamically. This breaks perfect
reproducibility for the image publishing workflow when rolling
back/reverting, but ensures that new commits aren't checked against
outdated vulnerability databases.
aaronmondal
aaronmondal commented Mar 26, 2024
View reviewed changes
Copy link
Member Author

@aaronmondal aaronmondal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

Reviewed 6 of 6 files at r1, all commit messages.
Reviewable status: :shipit: complete! 2 of 2 LGTMs obtained

@aaronmondal aaronmondal merged commit 646253d into TraceMachina:main Mar 27, 2024
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zbirenbaum zbirenbaum zbirenbaum left review comments

@adam-singer adam-singer adam-singer approved these changes

Assignees

@adam-singer adam-singer

@zbirenbaum zbirenbaum

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@aaronmondal @adam-singer @zbirenbaum @allada @MarcusSorealheis @blakehatch